  Compromised email address [email protected]
Posted by: VincaSec - 10-21-2023, 11:07 AM - Forum: Compromised resources - Replies (1)

According to https://haveibeenpwned.com/, the email address [email protected] was compromised in the Data Enrichment Exposure From PDL Customer, Exactis, LinkedIn, You've Been Scraped leaks.

  Cisco IOS XE zero-day
Posted by: VincaSec - 10-19-2023, 10:39 PM - Forum: Inadequately protected resources - Replies (2)

Shodan shows 382 devices in Serbia potentially vulnerable to the Cisco IOS XE zero-day

  Blockchain Forensics Forum Belgrade
Posted by: 1van - 10-19-2023, 05:59 PM - Forum: Seminars, lectures, workshops, conferences - Replies (1)

Quote: The Blockchain Forensics Forum is the first event in Southeast Europe, specifically focused on addressing and combating illicit activities within blockchain and decentralized systems. This groundbreaking initiative firmly positions Serbia among the world's most advanced nations in proactively tackling the challenges associated with these emerging technologies.

Details: https://blockchainforensics.co/#agenda

  An example of how #OSINT techniques can help researchers and journalists
Posted by: 1van - 10-19-2023, 12:38 PM - Forum: OSINT - No Replies

Using public data, we linked local (anonymous) media outlets to the ruling party. The text does not contain too many technical details, but anyone who is interested can ask. Basically, traces were left in the source code, invisible links, web archive, exif, etc.

Full text: https://crta.rs/publikacija-res-publika/.

  Hello!!
Posted by: Jana - 10-19-2023, 12:35 PM - Forum: About you - Replies (3)

I'm Jana. My great interest in IT came from many years of playing video games, and because of that I decided to study software engineering. Objectively I'm new to this world, but what interests me most is ethical hacking and cyber sec.

  Fake news about Siniša Mali and the one-off aid payment
Posted by: 1van - 10-19-2023, 12:31 PM - Forum: Phishing / Scam / Spam campaigns - No Replies

Quote: The Ministry of Finance has warned citizens that, as it states, fake news with fabricated statements by Minister Siniša Mali has appeared in public in recent days, which, it adds, is being spread "through unverified, single-use portals, social networks and online communication tools, with faked media logos and faked sources and quotes".

"The latest in the series is the fake news that pensioners will not be paid the one-off aid of 20,000 dinars, and that pensions will be reduced, which is being sent directly to citizens via the 'Viber' platform," the ministry says.

None of that information is true, they say, adding that these are "hacker manipulations that will be reported to the High-Tech Crime Department of the Ministry of Internal Affairs". They add that they expect this to be resolved as quickly as possible.

Source: https://n1info.rs/vesti/ministarstvo-fin...oj-pomoci/

P.S. Just to add that the statement containing the phrase "hacker manipulations" is pure nonsense. They could have worded it a bit better... or maybe not, because the government uses these tricks nonstop (anonymous portals, bots, phishing 1 and 2, etc...).

  SHARE: CYBER THREAT RISK ASSESSMENT
Posted by: 1van - 10-19-2023, 12:16 PM - Forum: Incident response and security awareness - No Replies

Quote: Risk assessment helps identify the key digital resources that could potentially be endangered by various cybersecurity threats. It enables organizations to plan appropriate cybersecurity measures and reduce the chances of the risks materializing. However, it is not always possible to eliminate risks completely.

Organizations must create individual risk matrices according to their business needs, and those matrices should be treated as confidential.

Full text: https://www.sharefoundation.info/sr/proc...r-pretnji/

  Microsoft SharePoint - Encrypted documents spam
Posted by: milos_rs - 10-19-2023, 09:07 AM - Forum: Phishing / Scam / Spam campaigns - Replies (1)

This is nothing new, I just caught it while everything is still online, so I'm sharing it...

The email looks like this:

Headers; I figure it's a hacked account, although this txreipartners.com doesn't even have a website, and it's hosted in Croatia, a bit sus

Code:
txreipartners.com has address 88.209.205.83
txreipartners.com mail is handled by 1 txreipartners.com.


Code:
Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from cp11.ulimitserver.com
    by cp11.ulimitserver.com with LMTP
    id L0S0HvsnLWWCWQAAEIIGUw
    (envelope-from <[email protected]>)
    for <[email protected]>; Mon, 16 Oct 2023 14:09:31 +0200
Return-path: <[email protected]>
Envelope-to: [email protected]
Delivery-date: Mon, 16 Oct 2023 14:09:31 +0200
Received: from chord.txreipartners.com ([88.209.205.83]:33034)
    by cp11.ulimitserver.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    (Exim 4.96.1)
    (envelope-from <[email protected]>)
    id 1qsMPK-0005sI-1U
    for [email protected];
    Mon, 16 Oct 2023 14:09:23 +0200
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dkim; d=txreipartners.com;
    h=From:To:Subject:Date:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding; [email protected];
    bh=6cKYkC+xJKS/zcHJg1C88Uwpwf0=;
    b=FsSol1XJbaXiMd/fTETBxlRjC5DOOXnyjEDhwtb8RCquDCQLV8Cl1/4gWklFK+rKoTeBT+3XiTC+
    MKgaiEvK0VCsZWQCTox0dCxkG/4sMWCbL/rwBGW963KrxHdJVyxUFhBx8lQ1r5TF3SfanN0kRMbl
    yDG9XVTnfwI11nPjpjNRUzjLjGIH+Zh9c0DGyjlQ+hoFBpIIs6H8qoRdzfbryjYCNqI6Hvv5nixG
    /d/juj1Ed1RR4qLIaLjn2ItLdKTjdgtPuUUkAfMk/suqdyZAmcwMUyc3YOpr8x8THPOOzl8jDD2N
    KHFf86SNTxpjpgSM2/dlsIxeyPdmmoXqir9WyQ==
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=dkim; d=txreipartners.com;
    b=MXVGItK5Y63h1UUChGsvI72Ak0kDQVpqiC1QSjgoYr2uPmaOA9Ll6Q3HXsntZGqbHY02hmYQ5CnJ
    qDvTHjtCMW1CTwpCRLclUu7b90jzBQl/ioPXLGeurw8KSQudoK8ea5x/4JtwSuwt2Hui7G0fvMJL
    1vNHYztic1plgDcewWHfduUKGcjZDN7q/gTsaX7NcHs4pK2THwI1JoP44L7LAX3v7HygSswiEpKF
    /9I33D8WwOyakfMoED52LSOLXliTkdZGRDZMiJz1MVyVM6rVxsUiwhG4tPyIUAf/oTJSi0uYIkwN
    zMVWAeHTBuxNeBLFZyFiPoIjehpJOGxRx4wqcg==;
From: Microsoft SharePoint - BLAH.rs <[email protected]>
To: [email protected]
Subject: {Spam?} [email protected]
Date: 16 Oct 2023 05:09:13 -0700
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/html;
    charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Spam-Subject: ***SPAM*** [email protected]
X-Spam-Status: Yes, score=9.2
X-Spam-Score: 92
X-Spam-Bar: +++++++++
X-Spam-Report: Spam detection software, running on the system "cp11.ulimitserver.com",
    has identified this incoming email as possible spam. The original
    message has been attached to this so you can view it or label
    similar future email. If you have any questions, see
    root\@localhost for details.
    Content preview: Microsoft SharePoint Šifrovani dokumenti Imate šifrovane
    dokumente iz Microsoft SharePoint-a Dokument 1: Ugovor Dokument 2: SWIFT
    Dokument 3: Proforma faktura Iz sigurnosnih razloga, ovi dokumenti su šifrirani.
    Pregledati Dokumente Hvala, Tim za Microsoft nalog
    Content analysis details: (9.2 points, 5.0 required)
    pts rule name description
    ---- ---------------------- --------------------------------------------------
    2.5 URIBL_DBL_MALWARE Contains a malware URL listed in the Spamhaus
    DBL blocklist
    [URIs: txreipartners.com]
    0.1 URIBL_CSS_A Contains URL's A record listed in the Spamhaus CSS
    blocklist
    [URIs: txreipartners.com]
    -0.0 SPF_PASS SPF: sender matches SPF record
    0.1 URI_HEX URI: URI hostname has long hexadecimal sequence
    0.0 HTML_MESSAGE BODY: HTML included in message
    0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
    0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
    valid
    -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
    author's domain
    -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
    1.1 DCC_CHECK Detected as bulk mail by DCC (dcc-servers.net)
    1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
    2.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
    [cf: 100]
    0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML
    tag
    0.5 FSL_BULK_SIG Bulk signature with no Unsubscribe
    0.1 TO_IN_SUBJ To address is in Subject
X-Spam-Flag: YES
X-PlusHosting-MailScanner-Information: Please contact the ISP for more information
X-PlusHosting-MailScanner-ID: 1qsMPK-0005sI-1U
X-PlusHosting-MailScanner: Found to be clean
X-PlusHosting-MailScanner-SpamCheck: spam, SpamAssassin (not cached,
    score=8.965, required 5, DCC_CHECK 1.10, DKIM_SIGNED 0.10,
    DKIM_VALID -0.10, DKIM_VALID_AU -0.10, DKIM_VALID_EF -0.10,
    FSL_BULK_SIG 0.47, HTML_MESSAGE 0.00, HTML_MIME_NO_HTML_TAG 0.64,
    MIME_HTML_ONLY 0.10, RAZOR2_CF_RANGE_51_100 2.43, RAZOR2_CHECK 1.73,
    SPF_PASS -0.00, URIBL_CSS_A 0.10, URIBL_DBL_MALWARE 2.50,
    URI_HEX 0.10)
X-PlusHosting-MailScanner-SpamScore: ssssssss
X-PlusHosting-MailScanner-From: [email protected]


The link in the email leads to pub-0691f791e27445e186a96f6163534e0a.r2 .dev/index.html#[email protected]

The page looks like this:

When the password is entered, the page sends it to mnemonicparsingbackup .xyz/ugovor/billions.php

This folder name "ugovor" [Serbian for "contract"] is also a bit sus; could these be some domestic or regional actors? Or the hosting was simply hacked and that folder happened to be left open, I don't know.

It is on shared hosting and registered at Namecheap, maybe by the guys themselves, although the Creation Date is: 2022-05-17T13:32:14.0Z

Since directory listing works, you can see this:

I get access denied when trying to access error_log; the stolen passwords are probably in this file, and judging by its size I'd say a lot of people fall for this
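The header indicators noted in the post above (a "Microsoft SharePoint" display name on a txreipartners.com sender, an rsa-sha1 DKIM signature from the sender's own domain, the recipient address in the Subject) can be checked mechanically. This is an added example, not part of the original post: the sample message is constructed from the quoted headers with placeholder addresses, and `triage`, `dkim_tags` and the brand lists are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the headers quoted in the post; the local
# part "sender", the recipient and the bh=/b= values are placeholders.
SAMPLE = """\
Return-Path: <sender@txreipartners.com>
Received: from chord.txreipartners.com ([88.209.205.83]:33034)
    by cp11.ulimitserver.com with esmtps (TLS1.2)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dkim; d=txreipartners.com;
    h=From:To:Subject:Date; bh=PLACEHOLDER=; b=PLACEHOLDER==
From: Microsoft SharePoint - BLAH.rs <sender@txreipartners.com>
To: user@example.rs
Subject: user@example.rs

body
"""

# Assumption: brand words in a display name and the domains allowed to use them.
BRAND_WORDS = ("microsoft", "sharepoint")
BRAND_DOMAINS = ("microsoft.com", "sharepoint.com")

def dkim_tags(value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    pairs = (p.split("=", 1) for p in value.split(";") if "=" in p)
    return {k.strip(): re.sub(r"\s+", "", v) for k, v in pairs}

def triage(raw):
    """Return a list of indicator strings for one raw message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = addr.rpartition("@")[2].lower()
    findings = []
    hits = [w for w in BRAND_WORDS if w in name.lower()]
    if hits and not any(
            from_dom == d or from_dom.endswith("." + d) for d in BRAND_DOMAINS):
        findings.append("display-name-impersonation:" + "+".join(hits))
    sig = dkim_tags(msg.get("DKIM-Signature", ""))
    if sig.get("a", "").endswith("-sha1"):
        findings.append("dkim-weak-hash:" + sig["a"])  # RFC 8301: no rsa-sha1
    if from_dom and sig.get("d", "").lower() == from_dom:
        # An aligned signature shows which domain sent it, not that it is benign.
        findings.append("dkim-aligned-with-sender-only:" + from_dom)
    _, to_addr = parseaddr(msg.get("To", ""))
    if to_addr and to_addr in msg.get("Subject", ""):
        findings.append("recipient-in-subject")  # cf. SpamAssassin TO_IN_SUBJ
    return findings
```

The SpamAssassin report in the post lowered the score for SPF_PASS and DKIM_VALID; the third finding is a reminder that those results authenticate txreipartners.com as the sender and say nothing about the "Microsoft SharePoint" claim in the display name.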

  Erste Bank warns of a phishing attempt.
Posted by: milos_rs - 10-18-2023, 07:49 AM - Forum: Phishing / Scam / Spam campaigns - No Replies

It looks like an attempt to register a new device on mBanking and then steal money from the account... something similar to NLB Komercijalna banka warns of a phishing campaign. Other banks are also targeted, but differently, so it seems that Erste Bank is also vulnerable to new devices being easily added to mBanking without proper verification.

https://www.erstebank.rs/sr/fising-kradj...h-podataka

  Pošta email scam: Pošta informs you that a shipment is still awaiting your instructions
Posted by: milos_rs - 10-18-2023, 07:46 AM - Forum: Phishing / Scam / Spam campaigns - Replies (9)

source https://twitter.com/agw72718633/status/1...5042678106

allegedly sent to a work email address that has never been used

I asked them to fwd me the email or give me the link from the email so I can look further